IT IS CLAIMED 

1. A method for implementing redundancy of stateful network address
translation information in at least one network device of a data network, the method 
comprising: 

receiving, at a first network device, a first packet from a source device, said first 
packet including a header portion comprising address information relating to a source 
device and a destination device associated with the first packet;

generating a first network address translation (NAT) entry relating to the source 
device of the first packet, wherein the source device is associated with a globally unique 
network address; 

storing the first NAT entry in a first NAT data structure residing at the first 
network device; 

generating a first network address translation (NAT) transaction message which 
includes information relating to updates or modifications performed on the first NAT data 
structure; and 

transmitting the first NAT transaction message to at least one other network device 
to thereby cause the at least one other network device to update a respective NAT data 
structure associated with the at least one other network device using information from said 
first NAT transaction message. 

2. The method of claim 1 wherein the first NAT entry includes a NAT ID field 
relating to an identity of a specific network device which is responsible for controlling 
modification of that particular NAT entry. 

3. The method of claim 2 further comprising consulting the NAT ID field 
corresponding to a particular NAT entry in the first NAT data structure to determine 
whether modification of the particular NAT entry may be performed. 

4. The method of claim 3 further comprising allowing the first network device
to modify the particular NAT entry in response to a determination that the NAT ID field of 
the particular NAT entry corresponds to said first network device. 

5. The method of claim 3 further comprising preventing the first network
device from modifying the particular NAT entry in response to a determination that the 
NAT ID field of the particular NAT entry does not correspond to said first network device. 

6. The method of claim 2 wherein the NAT transaction message comprises 
information relating to: 

an identifier of the at least one other network device; and 

instructions for causing the at least one other network device to modify its 
respective NAT data structure to include a NAT entry comprising information that is 
substantially identical to the information contained in the first NAT entry. 

7. The method of claim 1 wherein the first network device is a router. 

8. The method of claim 6 further comprising: 

receiving said first NAT transaction message at the at least one other network 
device; and 

modifying a second NAT data structure residing on the at least one other network 
device in accordance with instructions provided in said first NAT transaction message. 

9. The method of claim 8 wherein said modifying includes creating a new 
NAT entry in the second data structure comprising information that is substantially 
identical to the information contained in said first NAT entry. 

10. The method of claim 1 wherein the first network device is configured as a 
primary traffic handling device of a primary-backup redundancy group, and wherein the at 
least one other network device is configured as a backup traffic handling device of the 
primary-backup redundancy group. 

11. The method of claim 1 wherein the first network device is configured as an
active traffic handling device of an active-standby redundancy group, and wherein the at
least one other network device is configured as a standby traffic handling device of the
active-standby redundancy group. 

12. The method of claim 1 wherein the first network device is configured as a
first peer traffic handling device of a peer-peer redundancy group, and wherein the at least
one other network device is configured as a second peer traffic handling device of the 
peer-peer redundancy group. 

13. A method for synchronizing network address translation (NAT) information 
stored on different network devices that have been configured to implement a network 
address translation protocol, each of said network devices including a respective NAT data 
structure configured to store said NAT information, the method comprising: 

creating, in a first NAT data structure of a first network device, a first network 
address translation (NAT) entry relating to a network node engaged in a communication 
session, said first NAT entry including information relating to a local network address of 
the network node and a dynamically assigned global network address of the network node; 

generating a first network address translation (NAT) transaction message which 
includes information relating to updates or modifications performed on the first NAT data 
structure; and 

transmitting the first NAT transaction message to at least one other network device 
to thereby cause the at least one other network device to update a respective NAT data 
structure associated with the at least one other network device using information from said
first NAT transaction message. 

14. The method of claim 13 wherein the first NAT entry includes a NAT ID 
field relating to an identity of a specific network device which is responsible for 
controlling modification of the first NAT entry. 

15. The method of claim 14 wherein the NAT transaction message comprises 
information relating to: 

an identifier of the at least one other network device; and 

instructions for causing the at least one other network device to modify its
respective NAT data structure by creating a second NAT entry comprising information that 
is substantially identical to the information included in the first NAT entry. 

16. The method of claim 15 wherein the second NAT entry includes a 
corresponding NAT ID field which specifies an identity of the first network device. 

17. The method of claim 15 further comprising:

receiving said first NAT transaction message at the at least one other network 
device; and 

modifying a second NAT data structure residing on the at least one other network 
device in accordance with instructions provided in said first NAT transaction message. 

18. The method of claim 17 wherein said modifying includes creating a new 
NAT entry in the second data structure comprising information that is substantially 
identical to the information contained in said first NAT entry. 

19. The method of claim 15 further comprising: 

receiving said first NAT transaction message at the at least one other network 
device; and 

modifying, using information from said first NAT transaction message, a second 
NAT data structure residing on the at least one other network device by creating a second 
NAT entry in the second data structure, said second NAT entry comprising information 
that is substantially identical to the information included in said first NAT entry. 

20. The method of claim 19 further comprising consulting a NAT ID field 
corresponding to a particular NAT entry in the second NAT data structure to determine 
whether modification of the particular NAT entry may be performed. 

21. The method of claim 20 further comprising allowing the at least one other
network device to modify the particular NAT entry in response to a determination that the
NAT ID field of the particular NAT entry corresponds to said at least one other network
device. 

22. The method of claim 20 further comprising preventing the at least one other 
network device from modifying the particular NAT entry in response to a determination 
that the NAT ID field of the particular NAT entry does not correspond to said at least one 
other network device. 

23. The method of claim 13 wherein the first network device is configured as a 
primary traffic handling device of a primary-backup redundancy group, and wherein the at 
least one other network device is configured as a backup traffic handling device of the 
primary-backup redundancy group. 

24. The method of claim 13 wherein the first network device is configured as 
an active traffic handling device of an active-standby redundancy group, and wherein the 
at least one other network device is configured as a standby traffic handling device of the 
active-standby redundancy group. 

25. The method of claim 13 wherein the first network device is configured as
a first peer traffic handling device of a peer-peer redundancy group, and wherein the at
least one other network device is configured as a second peer traffic handling device of the
peer-peer redundancy group. 

26. A method for synchronizing network address translation (NAT) information 
stored on different network devices that have been configured to implement a network 
address translation protocol, each of said network devices including a respective NAT data 
structure configured to store said NAT information, said NAT information including at
least one NAT entry relating to a network node engaged in a communication session with 
at least one other network node, the method comprising: 

modifying at least one NAT entry in a first NAT data structure associated with a 
first NAT network device; 

generating a first network address translation (NAT) transaction message which
includes information relating to the modifications performed on the first NAT data structure;
and 

transmitting the first NAT transaction message to at least one other NAT network 
device to thereby cause the at least one other NAT network device to modify a respective 
NAT data structure associated with the at least one other NAT network device using 
information from said first NAT transaction message. 

27. The method of claim 26 wherein the NAT transaction message includes 
information relating to an addition of a new NAT entry to the first NAT data structure. 

28. The method of claim 26 wherein the NAT transaction message includes 
information relating to a deletion of a NAT entry from the first NAT data structure. 

29. The method of claim 26 wherein the NAT transaction message includes 
information relating to a modification of an existing NAT entry in the first NAT data 
structure. 

30. A computer program product comprising a computer readable medium, the 
computer readable medium comprising computer code for implementing the method of 
claim 26. 

31. A method for synchronizing network address translation (NAT) information 
stored on different network devices that have been configured to implement a network 
address translation protocol, each of said network devices including a respective NAT data 
structure configured to store said NAT information, the method comprising: 

receiving, at a first network device, a first NAT transaction message which 
includes updated network address translation (NAT) information generated by a second 
network device, the updated NAT information including information relating to 
modifications to be performed on NAT information stored in a first NAT data structure on 
the first network device; and 

modifying the first NAT data structure using information from said first NAT
transaction message to thereby achieve synchronization of NAT information stored on the 
first and second network devices. 

32. The method of claim 31 wherein the NAT transaction message includes 
instructions to add a new NAT entry to the first NAT data structure. 

33. The method of claim 31 wherein the NAT transaction message includes 
instructions to delete a specific NAT entry stored in the first NAT data structure.

34. The method of claim 31 wherein the NAT transaction message includes 
instructions to modify an existing NAT entry in the first NAT data structure.

35. A network device configured to implement redundancy of stateful network
address translation information in a data network, the network device comprising: 

at least one processor; 

at least one interface configured or designed to provide a communication link to at 
least one other network device in the data network; and 
memory; 

said at least one processor being configured to store in said memory a plurality of 
data structures, including: 

a first network address translation (NAT) data structure configured to store
information relating to address translations corresponding to selected network nodes in the 
network; and 

a NAT transaction data structure configured to store transactional information
relating to updates or modifications performed on the first NAT data structure; 

said network device being configured to transmit at least a portion of said NAT 
transactional information to said at least one other network device to thereby cause the at 
least one other NAT network device to modify a respective NAT data structure associated 
with the at least one other NAT network device using the NAT transaction information. 

36. The device of claim 35: 

wherein the network device is further configured or designed to receive NAT
transactional information from said at least one other device, said received NAT 
transactional information including information relating to updates or modifications 
performed on said respective NAT data structure associated with the at least one other 
network device; and 

wherein the network device is further configured or designed to update or modify 
said first NAT data structure using data from said received NAT transactional information
to thereby achieve redundancy of NAT information stored on the first network device and 
the at least one other network device. 



37. The device of claim 35 wherein the network device is configured as a 
primary traffic handling device of a primary-backup redundancy group, and wherein the at 
least one other network device is configured as a backup traffic handling device of the 
primary-backup redundancy group. 

38. The device of claim 35 wherein the network device is configured as an 
active traffic handling device of an active-standby redundancy group, and wherein the at 
least one other network device is configured as a standby traffic handling device of the 
active-standby redundancy group. 



39. The device of claim 36 wherein the network device is configured as a first
peer traffic handling device of a peer-peer redundancy group, and wherein the at least one
other network device is configured as a second peer traffic handling device of the peer- 
peer redundancy group. 

40. The device of claim 36 wherein the network device is configured as a 
traffic handling device and further comprises a routing table.

41. A network device configured to implement redundancy of stateful network
address translation information in a data network, the network device comprising: 

at least one processor; 

at least one interface configured or designed to provide a communication link to
second network device in the data network; and 
memory; 

said at least one processor being configured to store in said memory a plurality of 
data structures, including: 

a first network address translation (NAT) data structure configured to store 
information relating to address translations corresponding to selected network nodes in the 
network; and 

a NAT transaction data structure configured to store transactional 
information relating to updates or modifications performed on the first NAT data structure; 

wherein the network device is configured or designed to receive NAT transactional 
information from said a second network device, said received NAT transactional
information including information relating to updates or modifications of NAT
information associated with a second NAT data structure corresponding to the second
network device; and 

wherein the network device is further configured or designed to update or modify 
said first NAT data structure using data from said received NAT transactional information 
to thereby achieve redundancy of NAT information stored on the first and second network 
devices. 

42. A system for synchronizing network address translation information stored
on different network devices in a data network, the system comprising: 

a first network device configured to implement a network address translation 
protocol, the first network device comprising: 

at least one first processor; and 

first memory; 

wherein said at least one first processor is configured to store in said first memory 
a first plurality of data structures, including: 

a first network address translation (NAT) data structure configured to store 
information relating to address translations corresponding to selected network nodes in the
network; and

a first NAT transaction data structure configured to store transactional
information relating to updates or modifications performed on the first NAT data structure; 

said first network device being configured to transmit at least a portion of said 
NAT transactional information to at least one other network device; and 

a second network device configured to implement a network address translation 
protocol, the second network device comprising: 

at least one second processor; and 

second memory; 

wherein said at least one first processor is configured to store in said second 
memory a second plurality of data structures, including: 

a second network address translation (NAT) data structure configured to 
store information relating to address translations corresponding to selected network nodes 
in the network; and 

a second NAT transaction data structure configured to store transactional 
information relating to updates or modifications performed on the second NAT data 
structure; 

said second network device being configured or designed to receive NAT 
transactional information from said first device, and update or modify said second NAT
data structure using data from the NAT transactional information received from the first
device. 

43. The device of claim 42 wherein the first network device is configured as a 
primary traffic handling device of a primary-backup redundancy group, and wherein the 
second network device is configured as a backup traffic handling device of the primary- 
backup redundancy group. 

44. The device of claim 42 wherein the first network device is configured as an 
active traffic handling device of an active-standby redundancy group, and wherein the 
second network device is configured as a standby traffic handling device of the active- 
standby redundancy group. 

45. The device of claim 42 wherein the first network device is configured as a
first peer traffic handling device of a peer-peer redundancy group, and wherein the second 
network device is configured as a second peer traffic handling device of the peer-peer 
redundancy group. 

46. A computer program product for synchronizing network address translation 
(NAT) information stored on different network devices that have been configured to 
implement a network address translation protocol, each of said network devices including 
a respective NAT data structure configured to store said NAT information, the computer
program product comprising: 

a comprising a computer readable medium, the computer readable medium 
comprising: 

computer code for creating, in a first NAT data structure of a first network device, 
a first network address translation (NAT) entry relating to a network node engaged in a 
communication session, said first NAT entry including information relating to a local 
network address of the network node and a dynamically assigned global network address 
of the network node; 

computer code for generating a first network address translation (NAT) transaction 
message which includes information relating to updates or modifications performed on the 
first NAT data structure; and 

computer code for transmitting the first NAT transaction message to at least one 
other network device to thereby cause the at least one other network device to update a 
respective NAT data structure associated with the at least one other network device using
information from said first NAT transaction message. 

47. The computer program product of claim 46 further comprising:

computer code for receiving a second NAT transaction message from the at least
one other network device; and

computer code for modifying the first NAT data structure in accordance with 
instructions provided in said second NAT transaction message. 

48. A computer program product for synchronizing network address translation
(NAT) information stored on different network devices that have been configured to
implement a network address translation protocol, each of said network devices including
a respective NAT data structure configured to store said NAT information, the computer
program product comprising:

a comprising a computer readable medium, the computer readable medium 
comprising: 

computer code for receiving, at a first network device, a first NAT transaction 
message which includes updated network address translation (NAT) information generated 
by a second network device, the updated NAT information including information relating
to modifications to be performed on NAT information stored in a first NAT data structure 
on the first network device; and 

computer code for modifying the first NAT data structure using information from 
said first NAT transaction message to thereby achieve synchronization of NAT 
information stored on the first and second network devices.

49. A network device configured to implement redundancy of stateful network
address translation information in a data network, the network device comprising: 

means for creating, in a first NAT data structure of a first network device, a first 
network address translation (NAT) entry relating to a network node engaged in a
communication session, said first NAT entry including information relating to a local 
network address of the network node and a dynamically assigned global network address 
of the network node; 

means for generating a first network address translation (NAT) transaction message 
which includes information relating to updates or modifications performed on the first
NAT data structure; and 

means for transmitting the first NAT transaction message to at least one other 
network device to thereby cause the at least one other network device to update a 
respective NAT data structure associated with the at least one network device using 
information from said first NAT transaction message.



ATTYDKT: CISCP191 






50. A network device configured to implement redundancy of stateful network 
address translation information in a data network, the network device comprising: 

means for receiving, at a first network device, a first NAT transaction message 
which includes updated network address translation (NAT) information generated by a 
second network device, the updated NAT information corresponding to updated NAT
information stored on the second network device, the updated NAT information including 
information relating to modifications to be performed on NAT information stored in a first 
NAT data structure on the first network device; and 

modifying the first NAT data structure using information from said first NAT
transaction message to thereby achieve redundancy of NAT information stored on the first
and second network devices. 
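
The NAT ID ownership check and the add/modify/delete transaction messages recited in claims 2-5, 13-22 and 26-34, as an added Python sketch that is not part of the patent or of any vendor implementation. Class and field names are hypothetical, peers are called in-process rather than over a network link, and the receive-side check that a sender replicates only entries it owns is an assumption the claims do not state.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class NatEntry:
    local_addr: str    # local network address of the node
    global_addr: str   # dynamically assigned global network address
    nat_id: str        # device responsible for modifying this entry

@dataclass(frozen=True)
class NatTransaction:
    op: str            # "add", "modify" or "delete"
    sender: str        # device that changed its own NAT data structure
    target: str        # identifier of the device asked to apply the change
    entry: NatEntry

class NatDevice:
    def __init__(self, device_id):
        self.device_id = device_id
        self.table = {}   # NAT data structure: local_addr -> NatEntry
        self.sent = []    # NAT transaction data structure (messages sent)
        self.peers = []

    def _owns(self, local_addr):
        # Consult the NAT ID field before any modification (claims 3-5).
        entry = self.table.get(local_addr)
        return entry is not None and entry.nat_id == self.device_id

    def _replicate(self, op, entry):
        for peer in self.peers:
            txn = NatTransaction(op, self.device_id, peer.device_id, entry)
            self.sent.append(txn)
            peer.receive(txn)

    def create(self, local_addr, global_addr):
        if local_addr in self.table and not self._owns(local_addr):
            return None   # entry exists and is controlled by another device
        entry = NatEntry(local_addr, global_addr, self.device_id)
        self.table[local_addr] = entry
        self._replicate("add", entry)
        return entry

    def modify(self, local_addr, global_addr):
        if not self._owns(local_addr):
            return False
        entry = replace(self.table[local_addr], global_addr=global_addr)
        self.table[local_addr] = entry
        self._replicate("modify", entry)
        return True

    def delete(self, local_addr):
        if not self._owns(local_addr):
            return False
        self._replicate("delete", self.table.pop(local_addr))
        return True

    def receive(self, txn):
        # Assumption (not in the claims): drop messages addressed elsewhere
        # or describing an entry the sender does not control.
        if txn.target != self.device_id or txn.entry.nat_id != txn.sender:
            return False
        current = self.table.get(txn.entry.local_addr)
        if current is not None and current.nat_id != txn.sender:
            return False
        if txn.op in ("add", "modify"):
            self.table[txn.entry.local_addr] = txn.entry
        elif txn.op == "delete":
            self.table.pop(txn.entry.local_addr, None)
        else:
            return False
        return True

def demo():
    # Constructed two-device redundancy group with sample addresses.
    a, b = NatDevice("A"), NatDevice("B")
    a.peers, b.peers = [b], [a]
    a.create("10.0.0.5", "203.0.113.7")
    return a, b
```

The claims do not describe authenticating transaction messages, so the `sender` field here is trusted as given; a deployment would need the link between redundancy-group members to be authenticated for the ownership check to mean anything.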